A GDPR-compliant AI platform, by design
Haba is built for GDPR-aligned use: Germany-based infrastructure, per-client data isolation, end-to-end encryption, and audit trails. External actions are approval-gated, so nothing is sent or published without a human.
Enterprise Security
What we put in place
- Germany-based infrastructure for EU-aligned deployments.
- Per-client data isolation โ your company context is not shared across customers.
- End-to-end encryption and audit trails for every action.
- Approval-gated execution: publish, send, and writes to third-party systems require a human.
- You own your data and can review subprocessors and a DPA as part of your legal review.
Security โ FAQ
Where is data hosted?
Germany-based infrastructure for EU-aligned deployments. Confirm current hosting and subprocessors on the Security page and DPA.
Is Haba GDPR-compliant?
Haba is designed for GDPR-aligned use: data isolation per client, encryption, and auditability. Your legal review should cover DPA and subprocessors for your jurisdiction.
Can we audit what agents did?
Yes. Actions are logged with approval history so you can see what was proposed, approved, and executed.
How is company data separated from personal use?
Company context and work stay in the workspace; personal and company boundaries are part of the product design (see Security for role access).
Need a security or DPA review?
We're happy to walk your team through hosting, subprocessors, and data handling.
Contact us